commit: b1a1e693bd27051324b2d7b1f3af2f5ed5576a1b Author: Eduardo Barretto <ebarretto <AT> linux <DOT> vnet <DOT> ibm <DOT> com> AuthorDate: Wed Nov 29 13:29:55 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Tue Dec 12 07:07:30 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b1a1e693
Update pkcs policy to include pkccsslotd.service pkcsslotd.service was running, incorrectly, with default systemd label. Fixed it by creating the pkcs_slotd_unit_file_t type and updating the file context. Signed-off-by: Eduardo Barretto <ebarretto <AT> linux.vnet.ibm.com> policy/modules/contrib/pkcs.fc | 2 ++ policy/modules/contrib/pkcs.te | 3 +++ 2 files changed, 5 insertions(+)
diff --git a/policy/modules/contrib/pkcs.fc b/policy/modules/contrib/pkcs.fc
index 148293a9..9dbb5d54 100644
--- a/policy/modules/contrib/pkcs.fc
+++ b/policy/modules/contrib/pkcs.fc
@@ -2,6 +2,8 @@
 /usr/bin/pkcsslotd -- gen_context(system_u:object_r:pkcs_slotd_exec_t,s0)
+/usr/lib/systemd/system/pkcsslotd.service gen_context(system_u:object_r:pkcs_slotd_unit_file_t,s0)
+
 /usr/sbin/pkcsslotd -- gen_context(system_u:object_r:pkcs_slotd_exec_t,s0)
 /var/lib/opencryptoki(/.*)? gen_context(system_u:object_r:pkcs_slotd_var_lib_t,s0)
diff --git a/policy/modules/contrib/pkcs.te b/policy/modules/contrib/pkcs.te
index 17b471d6..1ede749f 100644
--- a/policy/modules/contrib/pkcs.te
+++ b/policy/modules/contrib/pkcs.te
@@ -24,6 +24,9 @@ files_tmp_file(pkcs_slotd_tmp_t)
 type pkcs_slotd_tmpfs_t;
 files_tmpfs_file(pkcs_slotd_tmpfs_t)
+type pkcs_slotd_unit_file_t;
+init_unit_file(pkcs_slotd_unit_file_t)
+
 ########################################
 #
 # Local policy
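Review bot: The new pkcs.fc entry for `/usr/lib/systemd/system/pkcsslotd.service` has no file-type field and leaves the dot unescaped, unlike the `--` entries on either side of it. As written, the pattern matches any object class at that path and any character in place of the `.`. I would write it as `/usr/lib/systemd/system/pkcsslotd\.service -- gen_context(system_u:object_r:pkcs_slotd_unit_file_t,s0)`. Only the `/usr/lib` location is labelled, so a copy or override of the unit placed elsewhere would presumably keep the generic unit label; confirm that this is intended.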
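Review bot: In pkcs.te, `pkcs_slotd_unit_file_t` is declared and passed to `init_unit_file()`, but nothing visible in this commit lets any domain manage the new type. The diffstat lists only pkcs.fc and pkcs.te, so if the module has an admin interface in pkcs.if it presumably still omits this type, and a confined administrator could not start, stop or relabel the unit. I would add the type to that interface's `gen_require` block and its service-control rules, and put a short comment above the declaration such as `# systemd unit file for pkcsslotd`. Unit files that are already installed keep the default systemd label until they are relabelled, so the fix described in the commit message takes effect only after a relabel of that path.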
